#
 

CSAW'15 HSF Crime Scene

Solving the HSF murder mystery isn't the only way to earn points. At CSAW'15, HSF teams were invited to visit the Digital Forensics Consortium (DFC) Scene at an assigned time, where they used their forensic and investigative skills to find all the evidence items, including the key device with vital information stored on it, in fewer than 15 minutes! Here's how the game was played.

Points are awarded for:

  • Each evidence item found and secured
  • Identifying the key device
  • Finding the vital information on the device
  • The goal of this challenge is to educate participants on real issues that investigators face through a fun, interactive competition.
HOW IT WORKS
  • The participant(s) will be given a scenario in which a cybercrime has been committed. They are allowed to read the scenario as many times as they wish and take the scenario into the scene with them, if they so choose.
  • In addition to the scenarios, there will be an interrogation script from a previous interrogation of the suspect.
  • Once they've reviewed the scenario and interrogation script, participants will be given gloves to put on. Then they're led into the crime scene.
  • The participant’s job is to identify and secure all digital devices and analyze one device for evidence within a 15 minute timeframe.
  • To secure a digital device, place it on the table side marked “DIGITAL DEVICES” and describe the item to the Scorekeeper for recording (so you get credit for it).
  • Other items, considered non-digital, should be placed on the table side marked “NON- DIGITAL DEVICE.”
  • The one device the participants choose to analyze must be correctly attached to the forensic laptop and pre-approved by the Scorekeeper.
  • Choose the correct evidence device on the first try to gain more points.
  • If an incorrect device is chosen, the Scorekeeper will state “Improper Device,” and the participant will have to search for another. Points will be deducted for this.
  • When the evidence is found on the device, show it to the Evidence Custodian and tell them the search is complete to stop the timer.
  • Participants can choose to continue looking for other devices after the evidence is found. However, they must inform the Scorekeeper.
  • Once time is up, the score is submitted and participants must leave the area without touching anything.

NOTE: some devices are worth more points than others. The team with the most points wins. If there's a tie, the team with the faster time wins.

CRIME SCENE RULES
  • Do not remove any items from the scene. Inventory is taken after each participant completes the investigation.
  • Do not behave or act inappropriately with the suspect – show respect for them.
  • Do not remove clothing or other items from the suspect unless required to locate and collect evidence. As a general rule, the only items to be removed are those that would be required to come off at an airport security checkpoint.
  • Do not plug in a device to the forensic machine that the event staff has not approved.
  • Do not touch event staff members or photographers in an inappropriate manner.
  • Do not break any items in the crime scene.
  • Do not bring cell phones or other recording devices into the scene.
  • Do not discuss any details of the crime scene with friends or colleagues – it is a competition.
  • Do not enter the scene without an event staff member or other crime scene administrator.
  • Do not take down signs or logos without prior consent from a crime scene administrator.
  • Do not use the equipment in any way for malicious purposes.
  • Do not cheat.
  • Do not search from the knees down.